Skill v1.1.0

ClawScan security

Self-Prompt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 4:35 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it provides scripts and instructions to force agents to process automated messages via the openclaw agent CLI and then relay the response to chat; there are no unexplained credentials, network endpoints, or installation steps, only minor author-specific defaults to review.
Guidance
This skill appears to do exactly what it says: it wraps the openclaw CLI to force an agent response and deliver it to chat. Before installing or running it:
1) Verify the OPENCLAW_PATH used points to your openclaw binary (or set OPENCLAW_PATH explicitly); the bundled default is an author-specific path.
2) Review and, if desired, change the log path (~/agent_task.log) to a location with appropriate permissions to avoid exposing sensitive output.
3) Avoid including secrets or sensitive data in automated messages sent to agents (they will appear in agent logs and chat).
4) Test in a non-production environment so you can confirm session-key formatting and timeout behavior.
Overall the package is coherent, but exercise normal caution when letting automated scripts trigger agent actions.

Review Dimensions

Purpose & Capability
ok: The name/description match the included scripts and SKILL.md: both the bash and Python helpers call `openclaw agent` to force an agent turn and then use `openclaw message send` to deliver the response. Nothing requested or included (no env vars, no external URLs, no system-wide config access) is disproportionate to that purpose.
Instruction Scope
note: SKILL.md and the scripts remain within the stated scope (trigger agent turn, capture stdout, deliver back to chat). The scripts write an append-only log at ~/agent_task.log and require correct session-key formatting. They also cause the agent to run arbitrary prompts you supply, which is the point, but you should be aware that any secrets included in messages will be sent to the agent and appear in logs and chat.
Install Mechanism
ok: No install spec is provided (instruction-only skill with bundled scripts). That is low-risk: nothing is downloaded or executed automatically on install beyond the provided scripts.
Credentials
note: The skill requests no credentials or environment variables. The only environment dependence is an override variable, OPENCLAW_PATH; the default hardcoded path (/home/eliran/.nvm/current/bin/openclaw) is author-specific and may not exist on other systems. This is harmless but odd, and worth adjusting to a generic default or requiring OPENCLAW_PATH to be set explicitly.
Persistence & Privilege
ok: `always` is false and model invocation is allowed (normal). The skill only writes to its own log file in the user's home and does not modify other skills or system-wide agent settings.